On the security settings of e-commerce website and server intrusion prevention

Intermediary transaction SEO diagnosis Taobao guest Cloud host technology Hall

With the vigorous development of e-commerce, more and more domestic enterprises began to dabble in network marketing, the company's business development on the Internet, while the domestic large and small program developers to provide open source CMS program also for the rapid growth of E-commerce has contributed to a great power.

However, because many domestic developers lack of security common sense, so that these open source programs appear a variety of loopholes, small to sdcms, 74cms such a small number of construction station procedures, large to dedecms, discuz such a large intelligent construction station CMS, there are all kinds of loopholes, this is not, A few days ago discuz1.5 burst into an injection loophole, and then with backstage Getshell, a lot of the site should suffer, open source vulnerability can look at my last article: "The safety of electric dealers, such as cms,discuz and other open source construction site procedures loophole protection", here no longer said, Today, the electric business circle to talk about E-commerce sites and server Security configuration skills.

1, the choice of a large number of users, the official technical support of the program, or choose unpopular procedures, the colder the better.

For example, discuz or dedecms are good, although there are a variety of loopholes, but also quick repair, as long as you patched in time, the site is quite safe. Of course, you can also sword walk slant, choose unpopular procedures, not how many people use the program, of course, the study of the loopholes of the people also less, such as the Security Angel Development Sablog is good, small, and itself is safe and reliable, when he burst into a loophole?

2, the condition of their own code for security testing and two development.

The conditions of the electrical business, must be open to these open-source programs two development, two development not only to meet e-commerce needs, but also to repair a large number of official uncovered vulnerabilities 0day (such as SQL injection, cross-station xss,session deception, etc.), so that your site more secure.

3, shut down the server unnecessary services and processes. The less the service, the less the attack.

Have you ever seen a leak in FreeBSD? On the contrary, powerful windows is it not a loophole every day? The more features, the need to consider security factors in all aspects, one point is not considered, that is a devastating blow, the service configuration can be configured as follows:

web+ database One-machine server: Open the Web Service, open the IIS service, open the Sql/mysql service, install the FileZilla FTP server software (do not use Serv, full of vulnerabilities, you understand), the firewall through 80, 21;1433 or 3306 do not open, Connect the database directly through the local connection, do not give intruders any opportunity;

Database Single server: Open Sql/mysql service, install FileZilla FTP server Software (used to upload and download backup database), firewall only through 21 ports;

In short, what is needed to open what, do not need services and software are closed, the port must be filtered well.

This is illustrated below:

Service opening and Deactivation (Control Panel---management tools---services):

Port opening and filtering (Control Panel---firewall):

4, IIS to configure well, directory permissions to be configured well.

IIS deletes unnecessary mappings, does not give permissions to the directory, each Web site corresponds to a guest permission account, avoid, do not lazy all sites use the same account!!!

The configuration diagram is as follows:

IIS Delete mappings & Current permissions configuration:

IIS Directory account binding settings:

After doing these basic security settings, if the corporate Web site is Access database, remember to do the download settings, the other is the Web site management system to modify the complex point, and restrict IP access, while the site management password, and the server related to all the account password set a complex password, and regularly change, of course, if you are afraid to forget the password, you can use the account password to write on the paper to save, avoid, do not save on your own personal computer!

Well, done the basic work, and then to install an anti-virus software server (360 antivirus can, separate installation of anti-virus do not install security guards), regular play system patches, the server is more secure, at least some of the small dishes hackers want to invade your site, you have to do a little kung fu.

Of course, there is no absolute security, as long as you network, there is the possibility of being attacked! Therefore, in the electric circle here to remind you to do e-commerce friends, every day must take time to check the server, and do a good job of data backup, so that the attack can be timely recovery and respond!

Electricity Business Circle Original, welcome reprint, Electric Business Circle Blog Address: http://www.ibxboy.com